The National Computer Emergency Response Team (National CERT) has issued a significant warning concerning a vulnerability in Microsoft Windows Server Update Services (WSUS), which is currently being exploited by hackers. This vulnerability, designated as CVE-2025-59287, allows for remote code execution (RCE), granting attackers full control over affected servers. Exploitation can lead to the execution of any commands on the server, data theft, or the installation of malicious software. Microsoft has released a security update to address this issue.
The vulnerability has a severity score of 9.8 out of 10 and is rooted in the insecure handling of WSUS authorization cookies. Windows Server installations that have not been updated and that expose the WSUS web service on ports 8530 (HTTP) or 8531 (HTTPS) are particularly at risk. Reports indicate that attackers are using this vulnerability to distribute malware, acquire login credentials, and move through connected networks.
The advisory highlights that executing this attack is relatively straightforward, requiring no user interaction or administrative privileges. Attackers only need to have network access to the WSUS service to send harmful web requests that can exploit the vulnerability. System administrators are urged to scrutinize their server and IIS logs for any unusual commands or web traffic directed at the WSUS services.
To protect their systems, National CERT recommends that organizations promptly apply Microsoft’s October 2025 security patch, restrict access to WSUS ports from untrusted networks, and limit WSUS access to only internal, trusted users. If immediate patching is not feasible, organizations are advised to temporarily disable or isolate vulnerable WSUS servers and monitor their systems closely.
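One way to start the IIS log review and check exposure of the WSUS ports, shown as an added example that is not part of the advisory or any Microsoft tooling: it parses IIS W3C logs and lists requests to ports 8530/8531 whose source address lies outside the trusted networks. The trusted ranges, function names and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WSUS_PORTS = {"8530", "8531"}  # WSUS HTTP / HTTPS ports named in the advisory
# Assumption: networks this organisation treats as trusted; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "127.0.0.0/8")]

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status time-taken
2025-10-27 09:14:02 10.20.0.5 POST /ClientWebService/client.asmx - 8530 - 10.20.4.17 Windows-Update-Agent 200 31
2025-10-27 09:15:40 10.20.0.5 POST /ClientWebService/client.asmx - 8530 - 203.0.113.44 curl/8.5.0 200 412
2025-10-27 09:15:41 10.20.0.5 POST /ClientWebService/client.asmx - 8531 - 203.0.113.44 curl/8.5.0 500 98
2025-10-27 09:16:03 10.20.0.5 GET /index.html - 443 - 198.51.100.9 Mozilla/5.0 200 12
"""

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client address: surface it for review
    return any(ip in net for net in TRUSTED_NETS)

def untrusted_wsus_requests(log_text):
    """Return {client_ip: [(timestamp, method, uri, status), ...]} for
    requests to WSUS ports whose source is outside TRUSTED_NETS."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        src = row.get("c-ip", "?")
        if row.get("s-port") in WSUS_PORTS and not is_trusted(src):
            stamp = f'{row.get("date", "?")} {row.get("time", "?")}'
            hits[src].append((stamp, row.get("cs-method", "?"),
                              row.get("cs-uri-stem", "?"), row.get("sc-status", "?")))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in untrusted_wsus_requests(SAMPLE_LOG).items():
        print(ip, len(reqs), "request(s):", *reqs, sep="\n    ")
```

Any source address this reports means the WSUS ports are reachable from outside the trusted ranges, and those requests are the ones to examine first.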
Given that this vulnerability is actively being exploited, IT teams in both governmental and private sectors must treat this situation as a top priority.
